2b9384590194f1ced4a3e04a71d0f37a2eee3fbb468c9f2f9a3fee01da6825be

General

Target

2b9384590194f1ced4a3e04a71d0f37a2eee3fbb468c9f2f9a3fee01da6825be
Size

128KB
MD5

4efbcc0ac15983005ffa86cd1519e6f8
SHA1

f7ab60ba473f0170263275b6bf8c5b02f0e5f003
SHA256

2b9384590194f1ced4a3e04a71d0f37a2eee3fbb468c9f2f9a3fee01da6825be
SHA512

025a51437ef9e6f34a0df45198b64580c7604b68585c4f947af126d39b46d38f4483bd39c2d6e610498f79bf6d198062fe79f85c992ff4edbe9f39966c18ead2
SSDEEP

3072:WZCkzDfWkTj3JLwS9plMExgyut8816QY/mo65Q6G37EH4:WlTWkTj519nxgyutHdW

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

2b9384590194f1ced4a3e04a71d0f37a2eee3fbb468c9f2f9a3fee01da6825be
.exe windows x86

5262291051c03dab09df6336f785701d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_cexit
_XcptFilter
_exit
_c_exit
isspace
islower
isxdigit
__p__commode
__initenv
fprintf
_setmode
_iob
time
toupper
sscanf
exit
isdigit
__getmainargs
_initterm
__setusermatherr
__p__fmode
_adjust_fdiv
__set_app_type
_controlfp
_except_handler3
sprintf

kernel32

UnhandledExceptionFilter
GetLastError
QueryPerformanceCounter
GetTickCount
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
FormatMessageA
SetUnhandledExceptionFilter
LocalFree
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId

snmpapi

SnmpUtilMemAlloc
SnmpUtilMemFree
SnmpUtilVarBindFree
SnmpUtilOidCpy

ws2_32

gethostbyname
ntohl
inet_addr
WSAStartup

iphlpapi

GetUdpStatsFromStackEx
GetTcpStatsFromStackEx
GetIpStatsFromStackEx
GetIcmpStatsFromStackEx

user32

CharToOemBuffA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5262291051c03dab09df6336f785701d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

snmpapi

ws2_32

iphlpapi

user32

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 5KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 5KB

.UPX0
Size: 108KB - Virtual size: 260KB